Tux Machines

today's howtos

Posted by Roy Schestowitz on Mar 23, 2023,

updated Mar 23, 2023

=> Security Leftovers | Android Leftovers

How To Install Python Pip on Rocky Linux 9

=> ↺ How To Install Python Pip on Rocky Linux 9

In this tutorial, we will show you how to install Python Pip on Rocky Linux 9.

How To Clear Apt Cache In Ubuntu, Debian, And Linux Mint

=> ↺ How To Clear Apt Cache In Ubuntu, Debian, And Linux Mint

In this tutorial, we will show you the easy way to clear Apt Cache in Ubuntu, Debian, and Linux Mint. apt (Advanced Package Tool) is a command-line package manager used in Debian-based Linux distributions?

Error Handling In Ansible Playbooks

=> ↺ Error Handling In Ansible Playbooks

This guide explains about error handling in Ansible Playbooks and how to handle different errors when running playbooks in Ansible in Linux.

Daniel Lange: Install "kept back" updates on Ubuntu

=> ↺ Daniel Lange: Install "kept back" updates on Ubuntu

Canonical has implemented a staged roll-out for some Ubuntu package updates.

I find that rather annoying at times, e.g. when preparing the laptop for traveling.

So for my memory and for the benefit of others: [...]

Michael Prokop: Automatically unlocking a LUKS encrypted root filesystem during boot

=> ↺ Michael Prokop: Automatically unlocking a LUKS encrypted root filesystem during boot

A customer of mine runs dedicated servers inside a foreign data-center, remote hands only. In such an environment you might need a disk replacement because you need bigger or faster disks, though also a disk might (start to) fail and you need a replacement. One has to be prepared for such a scenario, but fully wiping your used disk then might not always be an option, especially once disks (start to) fail. On the other hand you don’t want to end up with (partial) data on your disk handed over to someone unexpected.

By encrypting the data on your disks upfront you can prevent against this scenario. But if you have a fleet of servers you might not want to manually jump on servers during boot and unlock crypto volumes manually. It’s especially annoying if it’s about the root filesystem where a solution like dropbear-initramfs needs to be used for remote access during initramfs boot stage. So my task for the customer was to adjust encrypted LUKS devices such that no one needs to manually unlock the encrypted device during server boot (with some specific assumptions about possible attack vectors one has to live with, see the disclaimer at the end).

=> ↺ dropbear-initramfs

=> ↺ dropbear-initramfs

=> gemini.tuxmachines.org